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Amendments to the Claims 

Please amend the claims as follows: 



1 . (Currently Amended) A method for thwarting coordinated SYN denial of 
service (CSDoS) attaclts against a server S disposed in a netwoi1< of 
interconnected elements communicating using the TCP protocol, comprising the 
steps of 

controlling a network switch to divert a predetemnined fraction of SYN 
packets destined for said server, to a web guard processor. 

establishing a first TCP connection between one or more clients 
originating said packets and said web guard processor, dnd a second TCP 
connection between said web guard processor and said server, so that packets 
can be transmitted between said one or more clients and said server, 

monitoring the number of timed-out connections between said web guard 
oorvor processor and said one or more clients, 

if the number of tImed-out connections between said web guard corver 
processor and said one or more clients exceeds a first predetermined threshold, 
controlling said switch to divert all SYN packets destined to said server to said 
web guanj processor. 



2. (Currently Amended) The method of claim 1 whorejn said prooocc further 
meludes further comprisino the step of generating an alami indicating that saki 
server is likely to be under attack. 

i 

3. (Currently Amended) The method of claim 1 1ncluding the further steps of 

determining if the number of timed-out connectlqhs between saM web guard 
setvef processor and said clients exceeds a second pr^^determined threshold, and 
if so, controlling sakJ switch to delete all SYN pabkets destined for said 

server. 
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4. (Currently Amended) The method of claim 3 whoroiirii caid procooo furtho f 
in/:a»d^ fiirthf^r nomprislna the step of generating an alarm indicating that said 
server is under attack. 

5. (Original) The method of claim 1 further including thei:step of notifying said 
server that it is under attack. •] 

6. (Original) The method of claim 1 further including thejstep of notifying other 
wab guard processors in said networi< that said server isjsunder attack. 

Ii 

!'' 

7. (Original) A method for thwarting coordinated SYN denial of service (CSDoS) 
attacks against a server S disposed in a networit of interconnected elements 
communicating using the TCP protocol, said attack originating from a malicious 
host generating SYN packets destined for said server, said method comprising 

the steps of i; 

arranging a svwitch receiving said SYN packets d^tined to said server to 
fonward said SYN packets to a TCP proxy arranged to operate without an 
associated cache, [j 

whereby said TCP proxy, wrtien subject to a CSDpS attack, does not 
successfully establish a TCP connection with said malicfous host, and no TCP 
connection is made from said TCP proxy to said servenl^thereby protecting said 
server from said attack. u 

8. (Currently Amended) A method for thwarting coordinated SYN denial of 
service (CSDOS) attacks against a server S disposed irjia networic of 
interconnected elements communicating using the TCRjprotocol, comprising the 

Steps of \i 

fonwarding a statistical sampling of $ai4 packets jfrom a switch in said 

network to a processor, *: 
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. / if packets in said sampling indicate an attack, altering the operation of said 

/ switch to reduce the effects of said attack. | . 



9. (Original) The method of claim 8 wherein said switcH is arranged to discard 
packets in the event an attack is detected. 



I 
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